global maxconn 256 log 127.0.0.1 local0 ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL ssl-default-bind-options no-sslv3 defaults log global timeout connect 5000ms timeout client 50000ms timeout server 50000ms mode tcp option tcplog option dontlognull retries 3 timeout http-request 5000ms timeout http-keep-alive 2000ms timeout queue 5000ms timeout tunnel 60000ms timeout client-fin 1000ms timeout server-fin 1000ms resolvers docker_resolver nameserver dns-0 127.0.0.11:53 hold valid 10000ms resolve_retries 3 timeout retry 1000ms timeout resolve 1000ms #Frontends frontend http bind *:80 mode http #ACLs acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl blog-host hdr_sub(host) -i blog.terminaldweller.com acl mail-host hdr_sub(host) -i mail.terminaldweller.com acl api-host hdr_sub(host) -i api.terminaldweller.com acl jabber-host hdr_sub(host) -i jabber.terminaldweller.com acl searx-host hdr_sub(host) -i searx.terminaldweller.com acl editor-host hdr_sub(host) -i editor.terminaldweller.com acl editorsave-host hdr_sub(host) -i editorsave.terminaldweller.com acl devourer-host hdr_sub(host) -i mila.terminaldweller.com acl discord-host hdr_sub(host) -i discord.terminaldweller.com acl rssgen-host hdr_sub(host) -i rssgen.terminaldweller.com acl git-host hdr_sub(host) -i git.terminaldweller.com acl cargo-host hdr_sub(host) -i cargo.terminaldweller.com acl browsh-host hdr_sub(host) -i browsh.terminaldweller.com acl mila-api-acl url_beg /mila acl crypto-api-acl url_beg /crypto acl http ssl_fc,not #Redirects #this will prevent any letsencrypt cert challenges from working #http-request redirect scheme https if http http-request redirect scheme https code 301 if http blog-host !letsencrypt-acl http-request redirect scheme https code 301 if http editor-host !letsencrypt-acl http-request redirect scheme https code 301 if http editorsave-host !letsencrypt-acl http-request redirect scheme https code 301 if http api-host !letsencrypt-acl http-request redirect scheme https code 301 if http devourer-host !letsencrypt-acl http-request redirect scheme https code 301 if http searx-host !letsencrypt-acl http-request redirect scheme https code 301 if http git-host !letsencrypt-acl # http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl http-request redirect scheme https code 301 if http cargo-host !letsencrypt-acl #http-request redirect scheme https code 301 if http jabber-host !letsencrypt-acl # http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl #Conditions use_backend blog-backend-cert if letsencrypt-acl blog-host use_backend blog-backend-cert if letsencrypt-acl editor-host use_backend blog-backend-cert if letsencrypt-acl editorsave-host use_backend cloud-one-cert if letsencrypt-acl devourer-host use_backend searx-backend-cert if letsencrypt-acl jabber-host use_backend api-crypto-backend-cert if letsencrypt-acl api-host use_backend api-mila-backend-cert if letsencrypt-acl api-host use_backend searx-backend-cert if letsencrypt-acl searx-host use_backend searx-backend-cert if letsencrypt-acl rssgen-host use_backend searx-backend-cert if letsencrypt-acl git-host use_backend searx-backend-cert if letsencrypt-acl cargo-host # use_backend editor-backend-cert if letsencrypt-acl editor-host use_backend certbot-backend if letsencrypt-acl !jabber-host !blog-host !api-host use_backend blog-backend if blog-host use_backend mail-backend if mail-host use_backend api-backend if api-host use_backend searx-backend if searx-host use_backend git-backend if git-host use_backend rssgen-backend if rssgen-host use_backend browsh-backend if browsh-host #use_backend chat-backend if chat-host default_backend blog-backend frontend https bind *:443 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject #ACLs acl mail-host-s req.ssl_sni -i mail.terminaldweller.com acl jabber-host-s req.ssl_sni -i jabber.terminaldweller.com acl blog-host-s req.ssl_sni -i blog.terminaldweller.com acl jericho-host-s req.ssl_sni -i jericho.terminaldweller.com acl api-host-s req.ssl_sni -i api.terminaldweller.com acl mila-api-host-s req.ssl_sni -i mila.terminaldweller.com acl searx-host-s req.ssl_sni -i searx.terminaldweller.com acl git-host-s req.ssl_sni -i git.terminaldweller.com acl cargo-host-s req.ssl_sni -i cargo.terminaldweller.com acl editor-host-s req.ssl_sni -i editor.terminaldweller.com acl editorsave-host-s req.ssl_sni -i editorsave.terminaldweller.com acl discord-host-s req.ssl_sni -i discord.terminaldweller.com acl rssgen-host-s req.ssl_sni -i rssgen.terminaldweller.com #Conditions use_backend mail-backend-s if mail-host-s #use_backend chat-backend-s if chat-host-s use_backend jericho-backend-s if jericho-host-s use_backend blog-backend-s if blog-host-s #use_backend api-crypto-backend-s if api-host-s crypto-api-acl use_backend api-crypto-backend-s if api-host-s use_backend api-mila-backend-s if mila-api-host-s use_backend searx-backend-s if searx-host-s use_backend cargo-backend-s if cargo-host-s use_backend editor-backend-s if editor-host-s use_backend editorsave-backend-s if editorsave-host-s use_backend git-backend-s if git-host-s use_backend rssgen-backend-s if rssgen-host-s #frontend jabber5222 # bind *:5222 # mode tcp # use_backend chat-backend-c2s #frontend jabber5222 # bind *:5222 # timeout client 60s # mode tcp # tcp-request inspect-delay 5s # tcp-request content accept if { req.ssl_hello_type 1 } # tcp-request content reject # acl chat-host-s req.ssl_sni -i chat.terminaldweller.com # use_backend chat-backend-c2s if chat-host-s frontend jabbber5222 bind *:5222 timeout client 60s mode tcp #tcp-request inspect-delay 5s #tcp-request content accept if { req.ssl_hello_type 1 } #tcp-request content reject acl jabber-host req.ssl_sni -i jabber.terminaldweller.com use_backend jabber-backend-c2s if jabber-host frontend jabber5223 bind *:5223 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl jabber-host-s req.ssl_sni -i jabber.terminaldweller.com use_backend jabber-auth-backend-s if jabber-host-s frontend jabber5280 bind *:5280 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl jabber-host req.ssl_sni -i jabber.terminaldweller.com use_backend jabber-backend-admin if jabber-host frontend jabber5443 bind *:5443 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl jabber-host-s req.ssl_sni -i jabber.terminaldweller.com use_backend jabber-backend-s if jabber-host-s frontend mail-imap bind *:143 mode http acl mail-host hdr_sub(host) -i mail.terminaldweller.com use_backend mail-backend-imap if mail-host frontend mail-imaps bind *:993 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host-s req.ssl_sni -i mail.terminaldweller.com use_backend mail-backend-imaps if mail-host-s frontend mail-pop3 bind *:110 mode http acl mail-host hdr_sub(host) -i mail.terminalweller.com use_backend mail-backend-pop3 if mail-host frontend mail-pop3s bind *:995 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host-s req.ssl_sni -i mail.terminaldweller.com use_backend mail-backend-pop3s if mail-host-s frontend mail-smtp bind *:25 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host req.ssl_sni -i mail.terminaldweller.com use_backend mail-backend-smtp if mail-host frontend mail-smtps bind *:465 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host-s req.ssl_sni -i mail.terminaldweller.com use_backend mail-backend-smtps if mail-host-s frontend mail-submission bind *:587 timeout client 60s mode tcp tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content reject acl mail-host-s req.ssl_sni -i mail.terminaldweller.com acl mail-host-ss req.ssl_sni -i terminaldweller.com use_backend mail-backend-submission if mail-host-s use_backend mail-backend-submission if mail-host-ss #Backends backend certbot-backend mode http server nginx nginx:80 resolvers docker_resolver check init-addr none backend blog-backend mode http option forwardfor server blog-host 192.99.102.52:9001 check backend blog-backend-cert mode http option forwardfor server blog-host 192.99.102.52:80 backend cloud-one-cert mode http option forwardfor server cloud-one-host 185.130.47.208:80 backend blog-backend-s mode tcp option tcp-check server blog-host 192.99.102.52:9000 check backend jericho-backend-s mode tcp option tcp-check server blog-host 192.99.102.52:9000 check backend mail-backend mode http option forwardfor server mail-host 185.126.202.69:80 backend mail-backend-s mode tcp option tcp-check server mail-host 185.126.202.69:443 check backend mail-backend-imap mode http option forwardfor server mail-host 185.126.202.69:143 check backend mail-backend-imaps mode tcp #option tcp-check server mail-host 185.126.202.69:993 check backend mail-backend-pop3 mode http option forwardfor server mail-host 185.126.202.69:110 check backend mail-backend-pop3s mode tcp #option tcp-check server mail-host 185.126.202.69:995 check backend mail-backend-smtp mode tcp #option tcp-check server mail-host 185.126.202.69:25 check backend mail-backend-smtps mode tcp option tcp-check server mail-host 185.126.202.69:465 check backend mail-backend-submission mode tcp option tcp-check server mail-host 185.126.202.69:587 backend api-backend mode http option forwardfor server api-host 192.99.102.52:8008 check backend api-crypto-backend-s mode tcp option tcp-check server api-host 192.99.102.52:8008 backend api-crypto-backend-cert mode http option forwardfor server api-host 192.99.102.52:80 backend api-mila-backend-s mode tcp option tcp-check server api-mila-host 185.130.47.208:9009 backend api-mila-backend-cert mode http option forwardfor server api-mila-host 185.130.47.208:80 backend jabber-backend-admin mode tcp option tcp-check server jabber-host 185.130.47.208:5280 backend jabber-backend-s mode tcp option tcp-check server jabber-host 185.130.47.208:5443 backend jabber-backend-c2s mode tcp server jabber-host 185.130.47.208:5222 backend jabber-auth-backend-s mode tcp option tcp-check server jabber-host 185.130.47.208:5223 backend searx-backend-cert mode http server searx-host-cert 185.130.47.208:80 backend searx-backend mode http server searx-host 185.130.47.208:8080 backend searx-backend-s #balance roundrobin mode tcp option tcp-check server searx-host-s 185.130.47.208:8081 maxconn 10 #server searx-host-s 192.99.102.52:8081 maxconn 10 backend cargo-backend-s mode tcp option tcp-check server cargo-host-s 185.130.47.208:7777 backend editor-backend-s mode tcp option tcp-check server editor-host-s 192.99.102.52:7080 backend editorsave-backend-s mode tcp option tcp-check server editorsave-host-s 192.99.102.52:9080 backend rssgen-backend mode http server rssgen-host-s 185.130.47.208:3000 backend rssgen-backend-s mode tcp option tcp-check server rssgen-host-s 185.130.47.208:3000 backend git-backend mode http option forwardfor server git-host 185.130.47.208:8042 backend git-backend-s mode tcp option tcp-check server git-host-s 185.130.47.208:8043 check backend browsh-backend mode http server browsh-host 185.130.45.46:4333